image以外はproxyしないように (#5051)

author: MeiMei <30769358+mei23@users.noreply.github.com> 2019-06-14 12:14:23 +0900
committer: syuilo <Syuilotan@yahoo.co.jp> 2019-06-14 12:14:23 +0900
commit: 67dda01fcb1fb3476eae9560d5c0404dc48c41f0 (patch)
tree: f77fa1caa000bad78d3aa837977950fcfee3e038 /src/server
parent: サムネイル生成でエラーになってもファイルのアップロ�... (diff)
download: sharkey-67dda01fcb1fb3476eae9560d5c0404dc48c41f0.tar.gz
sharkey-67dda01fcb1fb3476eae9560d5c0404dc48c41f0.tar.bz2
sharkey-67dda01fcb1fb3476eae9560d5c0404dc48c41f0.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/server/proxy/proxy-media.ts b/src/server/proxy/proxy-media.ts
index e16665f6cd..4535a0fb5d 100644
--- a/src/server/proxy/proxy-media.ts
+++ b/src/server/proxy/proxy-media.ts
@@ -17,6 +17,8 @@ export async function proxyMedia(ctx: Koa.BaseContext) {
 
 		const [type, ext] = await detectMine(path);
 
+		if (!type.startsWith('image/')) throw 403;
+
 		let image: IImage;
 
 		if ('static' in ctx.query && ['image/png', 'image/gif'].includes(type)) {
author	MeiMei <30769358+mei23@users.noreply.github.com>	2019-06-14 12:14:23 +0900
committer	syuilo <Syuilotan@yahoo.co.jp>	2019-06-14 12:14:23 +0900
commit	67dda01fcb1fb3476eae9560d5c0404dc48c41f0 (patch)
tree	f77fa1caa000bad78d3aa837977950fcfee3e038 /src/server
parent	サムネイル生成でエラーになってもファイルのアップロ�... (diff)
download	sharkey-67dda01fcb1fb3476eae9560d5c0404dc48c41f0.tar.gz sharkey-67dda01fcb1fb3476eae9560d5c0404dc48c41f0.tar.bz2 sharkey-67dda01fcb1fb3476eae9560d5c0404dc48c41f0.zip